This Privacy Policy explains how Neuradesk Technologies Pvt. Ltd. ("Neuradesk", "we") processes personal data when you use Neuradesk Hire ("the Service") at hire.neuradeskai.com. Neuradesk Hire is regulated by India's Digital Personal Data Protection Act, 2023 ("DPDP").

1. Data we collect from recruiters

When you, as a recruiter or hiring-team member, sign up for the Service, we collect: name, work email, organization name and domain, role title, billing address, GSTIN where provided, IP address at signup, and authentication metadata (password hash, session tokens, MFA artifacts).

We use this data for: account provisioning, authentication, billing, GST compliance, fraud prevention, and customer support. We retain account data for the lifetime of the account plus seven years after account closure (Income Tax Act mandates a six-year retention; we add a one-year buffer for ambiguity).

2. Data we process on behalf of recruiters about candidates

When you use the Service to evaluate candidates, you become the data fiduciary under DPDP §2(i). We act as a data processor on your behalf. The data includes:

Resume content the candidate uploaded or you imported
Application metadata (role applied to, application date, source)
Pipeline stage transitions and timestamps
Interview scorecards your team submits
Interview recordings (only when the candidate has explicitly consented, retained 30 days by default, candidate-revocable any time per DPDP §6)
Messaging conversation content within the platform

Your processing obligations as the data fiduciary include obtaining and recording consent, providing candidate access on request, deleting on consent withdrawal, and notifying breaches. The Service provides tooling for each.

3. Data we do not collect or sell

We do not sell candidate or recruiter data. We do not use candidate data to train models that other customers benefit from. We do not permit third-party advertising trackers on the recruiter dashboard. We do not share interview recordings with model providers without explicit recruiter and candidate consent.

4. Sub-processors

We use the following sub-processors to deliver the Service. Each is bound by a Data Processing Agreement that mirrors our obligations to you:

Vercel (USA)— hosting, edge compute, static asset CDN. EU-US Data Privacy Framework participant.
Neon (Postgres) (EU)— primary database. EU-region storage; cross-border transfer disclosed.
100ms (India)— primary video room provider. India-region storage.
Daily.co (USA)— failover video provider.
Stripe (USA)— payment processing for international customers. Indian customers use Razorpay.
Razorpay (India)— payment processing for INR-denominated subscriptions.
Sentry (USA)— error monitoring. PII redacted before send.
AI inference providers— OpenAI, Anthropic, Google. Inference requests do not retain content for training (per their enterprise terms).

5. International data transfer

Some of the sub-processors above store data outside India. Under DPDP §16, we require each sub-processor to provide reasonable security safeguards and comply with their applicable privacy law (GDPR for EU, sector regulations for US). We disclose this list to you so you can disclose it to your candidates as required.

6. Security

Reasonable security safeguards under DPDP §8(8) include: multi-tenant Postgres row-level security (no cross-org data leaks at the database layer), HMAC-signed audit chain (every action is tamper-evident), encrypted-at-rest data (AES-256), encrypted-in-transit (TLS 1.3), and SAML SSO for enterprise. We document our full security posture at /hire/security.

7. Candidate rights

Candidates whose data is processed via Neuradesk Hire have the following rights under DPDP §11. Requests should be directed to their applying organization (the data fiduciary) first; we will cooperate to fulfill requests within 30 days:

Right to access all personal data we hold
Right to correction of inaccurate data
Right to erasure when the purpose is fulfilled
Right to withdraw consent at any time
Right to grievance redressal via the DPO
Right to nominate another person to act on their behalf
Right to be informed of any breach involving their data

8. Grievance redressal

Our Data Protection Officer is reachable at dpo@neuradeskai.com. If our response does not resolve your concern, you may escalate to the Data Protection Board of India.

9. Changes to this policy

When we update this Policy in a way that materially changes how we handle personal data, we will notify recruiter customers via email and the in-app banner, increment the version number, and re-collect explicit consent where DPDP requires it.

10. Contact

Questions about this Policy: privacy@neuradeskai.com
DPDP-specific requests: dpo@neuradeskai.com
Enterprise compliance reviews: sales@neuradeskai.com